aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* dirmngr: Align the gnutls use of CAs with the ntbtls code.Werner Koch2020-09-103-10/+18
| | | | | | | | | | | | | | * dirmngr/http.c (http_session_new) <gnutls>: Use only the special pool certificate for the default keyserver. -- The gnutls version uses a different strategy than the ntbtls version on when to use the special SKS pool certificate. This patch aligns it so that we don't need to wonder about different kind of bug reports. In short the special cert is now the only cert use with the default keyserver. Signed-off-by: Werner Koch <[email protected]>
* scd: Flush KDF DO (0x00F9) when it's being set.NIIBE Yutaka2020-09-101-3/+3
| | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Call flush_cache_item always. -- Only it was called when there was an object with KDF_DATA_LENGTH_MAX. No matter the VALUELEN, it should be flushed. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Keep some permissions of private-keys-v1.d.Werner Koch2020-09-092-26/+54
| | | | | | | | * common/sysutils.c (modestr_to_mode): Re-implement. (gnupg_chmod): Support keeping of permissions. -- GnuPG-bug-id: 2312
* kbx: Change X.509 S/N search definition.Werner Koch2020-09-095-21/+15
| | | | | | | | | | | * kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload SNLLEN with a hex flag. Add SNHEX. * kbx/keybox-search.c (keybox_search): Adjust. * common/userids.c (classify_user_id): Adjust. * sm/keydb.c (keydb_search_desc_dump): Adjust. * g10/keydb.c (keydb_search_desc_dump): Adjust. Signed-off-by: Werner Koch <[email protected]>
* gpg,tools: Add handling of supported algorithms by a card.NIIBE Yutaka2020-09-084-0/+52
| | | | | | | | | | | * g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo. * g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO. (agent_release_card_info): Release supported_keyalgo. * tools/gpg-card.h (struct card_info_s): Add supported_keyalgo. * tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO. (release_card_info): Release supported_keyalgo. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-09-081-0/+3
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix handling 0x00FA to support OpenPGP card 3.4.NIIBE Yutaka2020-09-071-1/+1
| | | | | | | * scd/app-openpgp.c (data_objects): It may be longer. Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increase the number of supported readers from 4 to 16.Werner Koch2020-09-042-2/+3
| | | | | | | | | | -- The limit on 4 readers I introduced in 2003 is too low for some of our use cases. 16 looks better. TODO: Return a useful error message in gpg-card if the limit has been reached. Signed-off-by: Werner Koch <[email protected]>
* gpg: Initialize a parameter to silence valgrind.Werner Koch2020-09-042-2/+3
| | | | | | | | | | | | | | | | | * g10/keygen.c (read_parameter_file): Initialize nline. * g10/textfilter.c (copy_clearsig_text): Initialize bufsize. -- In iobuf_read_line the parameter to pass and return the current buffer length is controlled by the buffer parameter. Thus there should be no problem because the assert call check s buffer first. For yet unknown reasons when using the standard GNU libc assert valgrind complains about an uninitialized variable. That does not happen with our log_assert. Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0. Signed-off-by: Werner Koch <[email protected]>
* tests: New test run envvar to run gpg under valgrind.Werner Koch2020-09-042-1/+14
| | | | | | | | | -- Take care: Running under valgrind takes loooong and in some case you may run into an valgrind internal error. Signed-off-by: Werner Koch <[email protected]>
* scd: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2020-09-041-25/+28
| | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-042-2/+112
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: New options to prepare the use of keyboxd.Werner Koch2020-09-036-81/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/Makefile.am (AM_CFLAGS): Add npth flags. (common_libs): Use npth version of the lib. (gpgsm_LDADD): Add npth libs. * sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New. (opts): New options --use-keyboxd and --keyboxd-program. (main): Set them. (gpgsm_deinit_default_ctrl): New. (main): Call it. * sm/server.c (gpgsm_server): Ditto. * sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program. (keydb_local_s): New type. (struct server_control_s): Add field keybd_local. * sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h. (struct keydb_local_s): New. (struct keydb_handle): Add fields for keyboxd use. (gpgsm_keydb_deinit_session_data): New. (warn_version_mismatch): New. (create_new_context): New. (open_context): New. (keydb_new): Implement keyboxd mode. (keydb_release): Ditto. (keydb_get_resource_name): Ditto. * sm/keydb.c: Add stub support for all other functions. Signed-off-by: Werner Koch <[email protected]>
* sm: Add arg ctrl to keydb_new.Werner Koch2020-09-0313-22/+24
| | | | | | | * sm/keydb.c (keydb_new): Add arg and change all callers. -- This will be used later.
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2020-09-031-0/+2
| | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix segv importing certain keys.Werner Koch2020-09-021-2/+5
| | | | | | | | | | * g10/key-check.c (key_check_all_keysigs): Initialize issuer. -- Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035 from 2017 Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Restructure client access code.Werner Koch2020-09-026-438/+525
| | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/kbx-client-util.c: New. * kbx/kbx-client-util.h: New. * kbx/Makefile.am (client_sources): New. * g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock and make global. * g10/call-keyboxd.c: Include kbx-client-util.h. (struct keyboxd_local_s): Remove struct datastream. Add field kcd. Remove per_session_init_done. (lock_datastream, unlock_datastream): Remove. (prepare_data_pipe, datastream_thread): Remove. (keydb_get_keyblock_do_parse): Remove. (gpg_keyboxd_deinit_session_data): Release the KCD object. (open_context): Use of kbx_client_data_new. (keydb_get_keyblock): Simplify. (keydb_search): Use kbx_client_data_cmd and _wait. -- The data specific part of the code has been moved from gpg to a new module in kbx/ so that it can also be used by gpgsm. The OpenPGP parsing while reading the data has been replaced by storing the data in memory and parse it later. That makes a nice interface and abstracts the fd-passing/D-lines handling away. Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Fix user id based queriesWerner Koch2020-09-021-4/+4
| | | | | | | * kbx/backend-sqlite.c (run_select_statement): Add the missing join for user id bases queries. Signed-off-by: Werner Koch <[email protected]>
* common: New helper function gnupg_close_pipe.Werner Koch2020-09-023-0/+21
| | | | | | | | | | | * common/exechelp-posix.c (gnupg_close_pipe): New. * common/exechelp-w32.c (gnupg_close_pipe): New. -- This function is mainly for documentation purposes and should be used along with gnupg_create_pipe. Signed-off-by: Werner Koch <[email protected]>
* Use only one copy of the warn_server_mismatch function.Werner Koch2020-09-0113-206/+174
| | | | | | | | | | | | | | | | | * common/asshelp.c (warn_server_version_mismatch): New. Actually a slightly modified version of warn_version_mismatch found in other modules. * common/status.c (gnupg_status_strings): New. * g10/cpr.c (write_status_strings2): New. * g10/call-agent.c (warn_version_mismatch): Use the new unified warn_server_version_mismatch function. * g10/call-dirmngr.c (warn_version_mismatch): Ditto. * g10/call-keyboxd.c (warn_version_mismatch): Ditto. * sm/call-agent.c (warn_version_mismatch): Ditto. * sm/call-dirmngr.c (warn_version_mismatch): Ditto. * tools/card-call-scd.c (warn_version_mismatch): Ditto. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix a bug in the rfc2253 parserWerner Koch2020-08-281-1/+1
| | | | | | | | | | | | | * sm/certdump.c (parse_dn_part): Fix parser flaw. -- This could in theory result in reading bytes after a after Nul in a string and thus possible segv on unallocated memory or reading other parts of the memory. However, it is harmless because the rfc2253 strings have been constructed by libksba. GnuPG-bug-id: 5037 Signed-off-by: Werner Koch <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-08-282-2/+2
| | | | --
* common: Fix fallback handling to utf-8.NIIBE Yutaka2020-08-281-1/+1
| | | | | | | | | | * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION. -- GnuPG-bug-id: 5038 Fixes-commit: 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add a remark about keyservers.Werner Koch2020-08-271-0/+5
| | | | --
* scd: New option to APDU command to return the ATR as data.Werner Koch2020-08-273-8/+29
| | | | | | | | | | * scd/command.c (cmd_apdu): Add new option --data-atr. * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen option and do not print the statusword in atr mode. * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a status word. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix reading of the ATR for card type detection.Werner Koch2020-08-271-1/+1
| | | | | | | | | | | * scd/app.c (app_new_register): Do not use apdu_get_slot. -- apdu_get_slot() may only be used after the APP has been initialized. Thus we need to pass teh slot here directly. Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Print the last alert message returned by NTBTLS.Werner Koch2020-08-271-0/+8
| | | | | | * dirmngr/http.c (send_request): Print the last TLS alert. Signed-off-by: Werner Koch <[email protected]>
* scd: Add heuristics to identify cardtype.NIIBE Yutaka2020-08-272-3/+23
| | | | | | | | | | | * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. (app_new_register): Detect Gnuk and Zeit Control implementation by examining its ATR string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Silence gcc warning -Wformat-zero-lengthWerner Koch2020-08-261-0/+1
| | | | | * configure.ac: Avoid useless gcc warning. We use an empty string quite often, for example in log_printhex.
* speedo: Allow customizing the release processWerner Koch2020-08-262-25/+77
| | | | --
* gpg: Remove left over debug output from recent change.Werner Koch2020-08-251-2/+0
| | | | | | * g10/import.c (collapse_subkeys): Remove debug out. Signed-off-by: Werner Koch <[email protected]>
* examples: Simplify vsnfd.prfWerner Koch2020-08-251-1/+0
| | | | * doc/examples/vsnfd.prf: Remove default-new-key-algo option.
* sm: Do not require a default keyring for --gpgconf-list.Werner Koch2020-08-251-0/+1
| | | | | | | | * sm/gpgsm.c (main): No default keyring for gpgconf mode. -- GnuPG-bug-id: 4867 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Silence warnings from parsing the options filesWerner Koch2020-08-251-2/+3
| | | | | | | | * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose flag for the arg parser only in --verbose mode. -- Signed-off-by: Werner Koch <[email protected]>
* agent: Allow using --gogconf-list even if HOME does not exist.Werner Koch2020-08-251-1/+2
| | | | | | | | * agent/gpg-agent.c (main): Do not create directories in gpgconf mode. -- GnuPG-bug-id: 4866 Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fixesWerner Koch2020-08-252-2/+2
| | | | --
* gpgconf,w32: New debug command --show-codepages.Werner Koch2020-08-252-12/+18
| | | | | | | | | | | | * tools/gpgconf.c (aShowCodepages): New. (opts): New command --show-codepages. (main) [W32]: Implement -- This is a Windows helper command to quickly check which code pages are currently used. Useful for debugging. Has no effect on Unix. Signed-off-by: Werner Koch <[email protected]>
* gpg: Collapse duplicate subkeys.Werner Koch2020-08-255-4/+133
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_COLLAPSE_UIDS): New. (IMPORT_COLLAPSE_SUBKEYS): New. * g10/gpg.c (main): Make them the default. * g10/import.c (parse_import_options): New import options "no-collapse-uids" and "no-collapse_subkeys". (collapse_subkeys): New. (import_one_real): Collapse subkeys and allow disabling the collapsing using the new options. (read_key_from_file_or_buffer): Always collapse subkeys. * g10/keyedit.c (fix_keyblock): Call collapse_subkeys. -- GnuPG-bug-id: 4421 Signed-off-by: Werner Koch <[email protected]>
* Add a new dist signing keyWerner Koch2020-08-241-0/+0
| | | | | | | | | | -- This is pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA uid Werner Koch (dist signing 2020)
* gpgtar,w32: Handle Unicode file names.Werner Koch2020-08-214-10/+68
| | | | | | | | | | | | | | | | | | | | | | * tools/gpgtar.c (oUtf8Strings): New. (opts): Add option --utf8-strings. (parse_arguments): Set option. * tools/gpgtar.h (opt): Add field utf8strings. * tools/gpgtar-create.c (name_to_utf8): New. (fillup_entry_w32): Use that. (scan_directory): Ditto. (scan_directory) [W32]: Convert file name to utf8. (gpgtar_create): Convert pattern. -- Note that this works only with file names read from a file or if the specified files on the command line are plain ascii. When recursing into a directory Unicode file names work again. This limitation is due to main(int, char**) which can't get the wchar version. We could fix that but is needs a bit more work in our init code. GnuPG-bug-id: 4083 Signed-off-by: Werner Koch <[email protected]>
* common: Use gpgrt functions for mkdir and chdir.Werner Koch2020-08-211-24/+6
| | | | | * common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir. (gnupg_chdir): Divert to gpgrt_chdir
* common,w32: Do not assume the ANSI code during string conversion.Werner Koch2020-08-211-2/+21
| | | | | | | | | | | | | | * common/utf8conv.c (get_w32_codepage): New. (wchar_to_native): Use instead oc CP_ACP. (native_to_wchar): Ditto. -- This should fix quite some issue; we fixed it when using the iconv based machinery about 14 years ago. At some point we introduced the new conversion functions because Windows started to support UTF-8 natively. The fix comes late but well, it is done. Signed-off-by: Werner Koch <[email protected]>
* common: Strip trailing CR,LF from w32_strerror.Werner Koch2020-08-212-1/+7
| | | | | | | | | | | | | | | | * common/stringhelp.c (w32_strerror): Strip trailing CR,LF. * common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the arg to w32_strerror. -- This is in particular annoying since we started to use a string argument sanitizer in the logging code. Before that we just add an extra blank line. The second patch corrects a never yet seen error message. Signed-off-by: Werner Koch <[email protected]>
* gpgtar: Add dummy option --tarWerner Koch2020-08-202-0/+11
| | | | | | | -- GnuPG-bug-id: 3772 Signed-off-by: Werner Koch <[email protected]>
* gpgtar: Make --files-from and --null work as described.Werner Koch2020-08-206-27/+100
| | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Add args files_from and null_names. Improve reading from a file. * tools/gpgtar.c: Make global vars static. (main): Remove tests for --files-from and --null option combinations. Pass option variables to gpgtar_create. -- GnuPG-bug-id: 5027 Signed-off-by: Werner Koch <[email protected]>
* build: New configure option --disable-testsWerner Koch2020-08-209-2/+57
| | | | | | | | * configure.ac: Add option --disable-tests. Print warnings in the summary. (DISABLE_TESTS): New am_conditional. -- GnuPG-bug-id: 4960
* doc: Describe the relation between pubring.gpg and pubring.kbxWerner Koch2020-08-201-6/+34
| | | | | -- GnuPG-bug-id: 4958
* gpg: Fix regression for non-default --passphrase-repeat option.Werner Koch2020-08-202-4/+13
| | | | | | | | * agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997
* gpg,gpgsm: Record the creation time of a private key.Werner Koch2020-08-195-12/+43
| | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 16:29:05 +0000